ID

VAR-202001-1196


CVE

CVE-2020-3139


TITLE

Cisco Application Policy Infrastructure Controller Input validation vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-001460

DESCRIPTION

A vulnerability in the out of band (OOB) management interface IP table rule programming for Cisco Application Policy Infrastructure Controller (APIC) could allow an unauthenticated, remote attacker to bypass configured deny entries for specific IP ports. These IP ports would be permitted to the OOB management interface when, in fact, the packets should be dropped. The vulnerability is due to the configuration of specific IP table entries for which there is a programming logic error that results in the IP port being permitted. An attacker could exploit this vulnerability by sending traffic to the OOB management interface on the targeted device. A successful exploit could allow the attacker to bypass configured IP table rules to drop specific IP port traffic. The attacker has no control over the configuration of the device itself. This vulnerability affects Cisco APIC releases prior to the first fixed software Release 4.2(3j). Cisco Application Policy Infrastructure Controller (APIC) contains an input validation vulnerability. Information may be altered.

Trust: 1.71

sources: NVD: CVE-2020-3139 // JVNDB: JVNDB-2020-001460 // VULHUB: VHN-181264

AFFECTED PRODUCTS

vendor: cisco, model: application policy infrastructure controller, scope: lt, version: 4.2(3j)

Trust: 1.0

vendor: Cisco Systems, model: cisco application policy infrastructure controller, scope: eq, version: -

Trust: 0.8

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.03i

Trust: 0.6

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.02j

Trust: 0.6

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.03n

Trust: 0.6

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.01e

Trust: 0.6

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.03f

Trust: 0.6

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.01h

Trust: 0.6

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.02m

Trust: 0.6

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.01k

Trust: 0.6

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.01n

Trust: 0.6

vendor: cisco, model: application policy infrastructure controller, scope: eq, version: 1.03k

Trust: 0.6

sources: JVNDB: JVNDB-2020-001460 // CNNVD: CNNVD-202001-1129 // NVD: CVE-2020-3139

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3139
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3139
value: MEDIUM

Trust: 1.0

NVD: CVE-2020-3139
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202001-1129
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181264
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3139
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-181264
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ykramarz@cisco.com: CVE-2020-3139
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

nvd@nist.gov: CVE-2020-3139
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-181264 // JVNDB: JVNDB-2020-001460 // CNNVD: CNNVD-202001-1129 // NVD: CVE-2020-3139 // NVD: CVE-2020-3139

PROBLEMTYPE DATA

problemtype: CWE-20

Trust: 1.1

problemtype: Improper Input Validation (CWE-20) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-181264 // JVNDB: JVNDB-2020-001460 // NVD: CVE-2020-3139

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-1129

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202001-1129

PATCH

title: cisco-sa-iptable-bypass-GxW88XjL, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iptable-bypass-GxW88XjL

Trust: 0.8

title: Cisco Application Policy Infrastructure Controller fix for the input validation error vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=110461

Trust: 0.6

sources: JVNDB: JVNDB-2020-001460 // CNNVD: CNNVD-202001-1129

EXTERNAL IDS

db: NVD, id: CVE-2020-3139

Trust: 2.5

db: JVNDB, id: JVNDB-2020-001460

Trust: 0.8

db: CNNVD, id: CNNVD-202001-1129

Trust: 0.7

db: AUSCERT, id: ESB-2020.0241

Trust: 0.6

db: CNVD, id: CNVD-2020-14805

Trust: 0.1

db: VULHUB, id: VHN-181264

Trust: 0.1

sources: VULHUB: VHN-181264 // JVNDB: JVNDB-2020-001460 // CNNVD: CNNVD-202001-1129 // NVD: CVE-2020-3139

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-iptable-bypass-gxw88xjl

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3139

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2020.0241/

Trust: 0.6

sources: VULHUB: VHN-181264 // JVNDB: JVNDB-2020-001460 // CNNVD: CNNVD-202001-1129 // NVD: CVE-2020-3139

SOURCES

db: VULHUB, id: VHN-181264
db: JVNDB, id: JVNDB-2020-001460
db: CNNVD, id: CNNVD-202001-1129
db: NVD, id: CVE-2020-3139

LAST UPDATE DATE

2024-08-14T15:02:02.028000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-181264, date: 2020-01-28T00:00:00
db: JVNDB, id: JVNDB-2020-001460, date: 2020-02-10T00:00:00
db: CNNVD, id: CNNVD-202001-1129, date: 2020-03-03T00:00:00
db: NVD, id: CVE-2020-3139, date: 2020-01-28T15:40:52.410

SOURCES RELEASE DATE

db: VULHUB, id: VHN-181264, date: 2020-01-26T00:00:00
db: JVNDB, id: JVNDB-2020-001460, date: 2020-02-10T00:00:00
db: CNNVD, id: CNNVD-202001-1129, date: 2020-01-26T00:00:00
db: NVD, id: CVE-2020-3139, date: 2020-01-26T05:15:17.850